Software quality assurance provider Coverity has released a new tool that will allow application developers to write more secure code for multithreaded applications.
Multithreaded applications are specifically designed to take advantage of the increasing number of multicore processors available in the market.
A multicore CPU combines two or more independent cores into a single package composed of a single integrated circuit. Last month, a senior Intel executive admitted that while multicore chips will help meet growing computing demands, it could create more challenges for programmers writing code.
This is because as technology develops at a fast rate, developers are being forced to rapidly adapt to programming for multicore systems. Specifically, programmers have to transition from programming for single-core processors to multiple cores, all the while future-proofing the code to keep up-to-date in case additional cores are added to a computing system.
Coverity as a company specialises in detecting coding flaws in C/C++ and Java software, and its new tool, Coverity Thread Analyzer for Java, is touted as a dynamic analysis tool for multithreaded applications.
It says that it can automatically detect concurrency defects that can cause data corruption and application failures.
The tool observes code as it is executed and automatically identifies race conditions and deadlocks. The company say this is unique in the field of dynamic analysis because it "detects not only problems that will occur in limited testing environments, but also problems that have the potential to occur over extended operations in field environments."
Coverity Thread Analyzer can also be used in conjunction with its static analysis tool, Coverity Prevent.
"The continued growth of multicore processors has forced development teams to begin creating multithreaded applications whether they are ready or not," said Michael Monticello, security and risk analyst at analyst group Enterprise Management Associates.
"To successfully eliminate the concurrency defects inherent to multithreaded applications, organisations need sophisticated new tools that pinpoint these hard-to-find issues so developers can focus on bringing secure and reliable new products to market," he added.
This distinction, says Coverity, is particularly important for multi-threaded applications that, due to their complexity, may run without failure for extremely long periods of time before a "perfect storm" of system events triggers a concurrency defect.
It points, as an example, to the North American blackout of 2003, which it says was due to a race condition that occurred after 3 million hours of consecutive system operation.
The company says that Coverity Thread Analyzer also reduces the risk when migrating complex, single-threaded code bases into multi-core environments. It does this via reporting thread-shared data to users, indicating locations where a locking discipline should be introduced. This allows developers to proactively identify existing and potential concurrency issues, so they can eliminate them before they cause failures in the field.
"As the demand for multi-threaded Java applications continues to accelerate, software developers are now faced with the pressure to deliver significantly more complex products, often on the same tight timelines as the single-threaded products that preceded them," said Coverity CTO Ben Chelf in a statement.
Coverity Thread Analyzer is a standalone product that runs on Linux, Solaris Sparc, Solaris X86, Windows XP and Server 2003, and Mac OS X. It supports Sun JDK 1.5, IBM’s 1.5 JVM and BEA Jrockit 5.
Coverity did not respond at the time of writing to an interview request, but pricing starts at $20,000.